MuddyWater hacking group targets Turkey in new campaign
2022-02-01 07:30

The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions.

The hacking group has been linked to attacks against entities in Central and Southwest Asia and against numerous public and privately held organizations in Europe, Asia, and North America in the telecommunications, government, oil, and airline sectors.

A new report by researchers at Cisco Talos links MuddyWater to recent attacks targeting Turkish private organizations and governmental agencies.

As part of the attack, the MuddyWater threat actors use two infection chains that begin with delivering a PDF file.

These files are typical XLS documents that carry malicious VBA macros which initiate the infection process and establish persistence by creating a new Registry key.

The researchers attribute these attacks to the MuddyWater group based on the observed technical indicators, tactics, procedures, and C2 infrastructure.


News URL

https://www.bleepingcomputer.com/news/security/muddywater-hacking-group-targets-turkey-in-new-campaign/